Whats stopping people from changing code in the client application as if people wanted to, they could easily just unpack all the class files and repackage them.

Basically nothing. In the past all sorts of compression, encryption, obfuscation etc. have been tried and were circumvented or broken by curious or malevolent people.

They can even build a new client that speaks the same protocol and run that against your server (if they can't hack your client due to your security measurements).

If you concern is safety and consitency, you must assume that clients are being hacked (or just buggy) and try to have all checks and game logic on server side, not in th access of the client. Only if all your logic is on teh eserver and the client is merely an input/output device you have some safety - but hackers will try to trick the server into unwanted actions by bogus input data thus you must check all input data not only on valid ranges but also if it is valid in the context of the clients state (whcih needs to be modeled/mirrored on the server side to some extend for this).

If you have a game that's popular enough for people to cheat at, you should be happy - it means you have a fun game that people will likely pay money for. The trick is actually making the game people want to cheat at.

java-gaming.org is not responsible for the content posted by its members, including references to external websites,
and other references that may or may not have a relation with our primarily
gaming and game production oriented community.
inquiries and complaints can be sent via email to the info‑account of the
company managing the website of java‑gaming.org